H3c-technologies H3C S5120 Series Switches User Manual Page 533
- Page / 745
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
1-7
Configuring an Advanced ACL
Advanced ACLs match packets based on source and destination IP addresses, protocols over IP, and
other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags,
ICMP message types, and ICMP message codes.
Advanced ACLs also allow you to filter packets based on three priority criteria: type of service (ToS), IP
precedence, and differentiated services codepoint (DSCP) priority.
Compared with basic ACLs, advanced ACLs allow of more flexible and accurate filtering.
Follow these steps to configure an advanced ACL:
To do… Use the command… Remarks
Enter system view
system-view
––
Create an advanced ACL and
enter its view
acl number
acl-number [
name
acl-name ] [
match-order
{
auto
|
config
} ]
Required
By default, no ACL exists.
Advanced ACLs are numbered in
the range 3000 to 3999.
You can use the
acl
name
acl-name command to enter the
view of an existing named ACL.
Configure a description for the
advanced ACL
description
text
Optional
By default, an Advanced ACL has
no ACL description.
Set the rule numbering step
step
step-value
Optional
5 by default.
Create or edit a rule
rule
[ rule-id ] {
deny
|
permit
}
protocol [ {
established
| {
ack
ack-value |
fin
fin-value |
psh
psh-value |
rst
rst-value |
syn
syn-value |
urg
urg-value } * } |
destination
{ dest-addr
dest-wildcard |
any
} |
destination-port
operator port1
[ port2 ] |
dscp
dscp |
fragment
|
icmp-type
{ icmp-type icmp-code |
icmp-message } |
logging
|
precedence
precedence |
reflective
|
source
{ sour-addr
sour-wildcard |
any
} |
source-port
operator port1 [ port2 ] |
time-range
time-range-name |
tos
tos ] *
Required
By default, an advanced ACL does
not contain any rule.
To create or edit multiple rules,
repeat this step.
For an advanced ACL rule to be
referenc
ed by a QoS policy for
traffic classification, the
logging
keyword is not supported.
Configure or edit a rule description
rule
rule-id
comment
text
Optional
By default, an ACL rule has no rule
description.
Note that:
z You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
- Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- 1 About This Document 4
- Conventions 8
- 2 Documentation Guide 9
- Technical Support 10
- Documentation Feedback 10
- 3 Product Features 11
- Distribution Layer Switches 12
- Access Switches 12
- S9500/S7500E 13
- S5120-SI 13
- Core/Aggregation 13
- 1 CLI Configuration 15
- Entering CLI Through Telnet 20
- Command Conventions 21
- CLI View Description 22
- Command View Reference 23
- Login command views 24
- Tips on Using the CLI 28
- Typing and Editing Commands 29
- Undo Form of a Command 31
- Controlling CLI Display 31
- Saving Configurations 34
- Supported User Interfaces 37
- User Interface Number 37
- Common Configuration 42
- Password 47
- Logging In Through SSH 66
- Management System 67
- Displaying Web Users 68
- 5 Logging In Through NMS 70
- Packets 72
- 7 Controlling Login Users 73
- [Sysname] ip http acl 2030 80
- Ethernet Port Configuration 82
- Configuring a Port Group 86
- Configuration 95
- Null Interface 96
- Operational key 100
- Configuration classes 100
- Reference port 101
- LACP protocol 101
- Link aggregation modes 102
- Selecting a reference port 103
- Configuration Guidelines 106
- Network requirements 110
- Configuration procedure 110
- Table of Contents 115
- Port Isolation Configuration 116
- Networking requirements 117
- Port Mirroring Configuration 120
- 1 LLDP Configuration 125
- LLDPDUs 127
- How LLDP Works 129
- LLDP Configuration Task List 130
- Enabling LLDP 131
- Enabling LLDP Polling 132
- Configuration Prerequisites 135
- Configuring LLDP Trapping 136
- LLDP Configuration Examples 137
- LLDP status on Switch A 139
- 3) Verify the configuration 141
- 1 VLAN Configuration 143
- VLAN Fundamentals 144
- Types of VLAN 145
- Port link type 147
- Default VLAN 147
- interface vlan-interface 151
- [ vlan-interface-id ] 151
- [ interface-type 151
- VLAN Configuration Example 152
- Verification 153
- 2 Voice VLAN Configuration 154
- Voice VLAN Assignment Modes 155
- Configuring a Voice VLAN 158
- 1 MSTP Configuration 166
- Basic Concepts in STP 167
- How STP works 168
- STP timers 173
- Introduction to RSTP 174
- Introduction to MSTP 174
- Basic Concepts in MSTP 175
- Common root bridge 177
- Boundary port 177
- Roles of ports 177
- Port states 178
- How MSTP Works 179
- MSTP Configuration Task List 180
- Configuring MSTP 181
- Configuring Timers of MSTP 185
- Configuration example 190
- Configuring Port Priority 191
- Enabling the MSTP Feature 193
- Performing mCheck 194
- Configuration Procedure 195
- Configuration Example 195
- Configuring Digest Snooping 196
- GE1/0/2 GE1/0/2 198
- Configuration prerequisites 200
- Enabling BPDU guard 200
- Enabling Root guard 201
- Enabling Loop guard 202
- Enabling TC-BPDU guard 203
- MSTP Configuration Example 204
- Figure 1-13 207
- IP Addressing Configuration 210
- Special IP Addresses 211
- Subnetting and Masking 211
- Configuring IP Addresses 212
- Directly Connected Network 215
- Configuring TCP Attributes 216
- 1 ARP Configuration 222
- ARP Operation 223
- Configuring ARP 224
- Enabling the ARP Entry Check 226
- ARP Configuration Example 226
- Configuring Gratuitous ARP 227
- Introduction 229
- Configuring ARP Detection 231
- Man-in-the-middle attack 232
- ARP detection mechanism 232
- Application Environment 241
- Fundamentals 241
- Enabling DHCP 243
- Prerequisites 247
- Symptom 251
- Analysis 251
- Solution 251
- 2 DHCP Client Configuration 252
- DHCP Snooping Configuration 254
- Untrusted Untrusted 255
- BOOTP Client Configuration 262
- Through BOOTP 263
- Network requirement 264
- 1 FTP Configuration 266
- Configuring the FTP Client 267
- Configuring the FTP Server 273
- 2 TFTP Configuration 278
- Configuring the TFTP Client 279
- IP Routing and Routing Table 284
- Static Routing Configuration 288
- Configuring a Static Route 289
- 1 Multicast Overview 295
- Broadcast 296
- Multicast 297
- Features of Multicast 298
- Advantages of multicast 299
- Applications of multicast 299
- Multicast Models 300
- Multicast Architecture 300
- Multicast Addresses 301
- Multicast Protocols 303
- Layer 2 multicast protocols 304
- IGMP Snooping Configuration 306
- GE1/0/1 GE1/0/2 307
- How IGMP Snooping Works 308
- IGMP Snooping Proxying 310
- Protocols and Standards 311
- Enabling IGMP Snooping 312
- Configuring Static Ports 315
- Multicast VLAN Configuration 338
- Configuring Multicast VLAN 339
- Network requirements 342
- Network diagram 343
- 1 QoS Overview 348
- QoS Techniques Overview 349
- 2 QoS Policy Configuration 350
- Defining a Traffic Behavior 352
- Defining a Policy 352
- Applying the QoS Policy 353
- Priority Mapping Overview 355
- Priority Mapping Tables 356
- Priority Mapping Procedure 356
- Configuring Priority Mapping 357
- 4 Line Rate Configuration 361
- <Sysname> system-view 362
- SP queuing 364
- WRR queuing 364
- Configuring SP Queuing 366
- Configure WRR Queuing 367
- Configuring SP+WRR Queuing 368
- Traffic Filtering Overview 370
- Traffic Redirecting Overview 373
- 8 Appendix 374
- 802.1p Priority 376
- 1 802.1X Configuration 379
- Basic Concepts of 802.1X 380
- EAP over LAN 381
- EAP Packet Format 382
- EAP over RADIUS 383
- EAP relay 384
- EAP termination 386
- 802.1X Access Control Method 387
- 802.1X Timers 387
- VLAN assignment 388
- Guest VLAN 389
- Auth-Fail VLAN 389
- ACL assignment 390
- 802.1X Basic Configuration 391
- Enabling 802.1X for a port 392
- Enabling the Quiet Timer 394
- Configuring a Guest VLAN 395
- 802.1X Configuration Example 397
- Internet 400
- 1 AAA Configuration 407
- Introduction to RADIUS 408
- RADIUS Packet Format 410
- AAA Configuration Task List 414
- Configuring AAA 415
- [ flow ] 416
- Configuring RADIUS 424
- Creating a RADIUS Scheme 425
- 430
- AAA Configuration Examples 434
- Troubleshooting AAA 444
- 1 PKI Configuration 447
- Architecture of PKI 448
- Applications of PKI 449
- Operation of PKI 449
- PKI Configuration Task List 450
- Configuring an Entity DN 450
- Configuring a PKI Domain 452
- Deleting a Certificate 457
- PKI Configuration Examples 459
- Troubleshooting PKI 467
- Failed to Retrieve CRLs 468
- 1 SSL Configuration 470
- SSL Protocol Stack 471
- SSL Configuration Task List 472
- Troubleshooting SSL 476
- 1 SSH2.0 Configuration 479
- Version negotiation 480
- Authentication 481
- Session request 482
- Interaction 482
- Configuring an SSH User 485
- 192.168.0.2/24 490
- Vlan-int1 490
- 192.168.0.1/24 490
- 2 SFTP Service 501
- Configuring an SFTP Client 502
- Working with SFTP Files 504
- Displaying Help Information 504
- 1 Public Key Configuration 512
- 2) Configure Device B 517
- 1 HABP Configuration 522
- Configuring HABP 523
- HABP Configuration Example 524
- 1 ACL Configuration 527
- ACL Classification 528
- ACL Numbering and Naming 528
- Match Order 528
- ACL Rule Numbering Step 529
- ACL Configuration Task List 530
- Configuring an ACL 531
- Configuring an Advanced ACL 533
- Copying an ACL 535
- ACL Configuration Examples 537
- 1 Device Management 539
- Rebooting a Device 540
- Upgrading Device Software 542
- 1 NTP Configuration 550
- Advantages of NTP 551
- How NTP Works 551
- NTP Message Format 552
- Operation Modes of NTP 554
- Broadcast mode 555
- Multicast mode 555
- NTP Configuration Task List 556
- NTP Configuration Examples 565
- Root delay: 31.00 ms 571
- delay disper 571
- 1 SNMP Configuration 577
- SNMP Protocol Version 578
- MIB Overview 578
- SNMP Configuration 579
- Configuring SNMP Logging 581
- Configuring SNMP Trap 582
- Configuring Trap Parameters 583
- SNMPv3 Configuration Example 586
- 2 MIB Style Configuration 589
- 1 RMON Configuration 591
- Working Mechanism 592
- RMON Groups 592
- Private alarm group 593
- History group 593
- Ethernet statistics group 593
- 1 File System Management 602
- Directory Operations 603
- File Operations 604
- Copying a File 605
- Moving a File 605
- Deleting a File 605
- Batch Operations 606
- Storage Medium Operations 606
- Checking files 607
- <Sysname> cd 609
- <Sysname> pwd 609
- Configuration File Overview 610
- Configuration Task List 613
- Configuring Ping 620
- Ping Configuration Example 621
- Tracert 623
- System Debugging 624
- Configuring System Debugging 625
- 1 Basic Configurations 628
- Configuring the Device Name 629
- Configuring the System Clock 629
- Displaying the system clock 630
- " is in 632
- Configuring a Banner 633
- Configuring CLI Hotkeys 634
- Modifying command level 641
- Information Center Overview 644
- System Information Format 648
- Overview 665
- Mac address aging time: 500s 671
- Cluster Management Overview 673
- How a Cluster Works 674
- Introduction to NDP 675
- Introduction to NTDP 675
- DisconnectConnect 676
- Management VLAN 677
- Configuring NDP Parameters 679
- Configuring NTDP Parameters 680
- Establishing a Cluster 681
- Devices Within a Cluster 683
- Cluster Member Management 684
- Member Devices 685
- 1 HTTP Configuration 695
- Enabling the HTTP Service 696
- HTTP Configuration Example 697
- 2 HTTPS Configuration 699
- Enabling the HTTPS Service 700
- Control Policy 701
- HTTPS Configuration Example 702
- 1 Stack Configuration 707
- Establishing a Stack 708
- Configuring Stack Ports 709
- Creating a Stack 709
- Stack Configuration Example 710
- 1 PoE Configuration 714
- PoE Configuration Task List 715
- Enabling PoE 716
- Detecting PDs 717
- Configuring the PoE Power 718
- Monitoring PD 720
- Configuring PoE Profile 720
- Applying PoE Profile 721
- PoE Configuration Example 722
- Troubleshooting PoE 724
- IP Source Guard Overview 726
Related products and manuals for Routers H3c-technologies H3C S5120 Series Switches
(13 pages)
Routers H3c-technologies H3C SR8800 User Manual
(431 pages)
(431 pages)
Routers H3c-technologies H3C SR8800 User Manual
(410 pages)
(410 pages)
Routers H3c-technologies H3C SR8800 User Manual
(149 pages)
(149 pages)
Routers H3c-technologies H3C SR8800 User Manual
(135 pages)
(135 pages)
Routers H3c-technologies H3C SR8800 User Manual
(210 pages)
(210 pages)
© 2020, manymanuals.com. All rights reserved. | 0.414 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals